CVE-2005-1928 - Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versio

CVE-2005-1928

Summary

Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak.

References

Vulnerable Configurations

cpe:2.3:a:trend_micro:serverprotect_earthagent:5.58:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:serverprotect_earthagent:5.58:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 20-05-2011 - 04:00)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	15868
idefense	20051214 Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability
misc	http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25254 http://solutionfile.trendmicro.com/SolutionFile/25254/en/Hotfix_Readme_SPNT5_58_B1137.txt
osvdb	21773
sectrack	1015358
secunia	18038
sreason	259
vupen	ADV-2005-2907

Last major update

20-05-2011 - 04:00

Published

14-12-2005 - 23:03

Last modified

20-05-2011 - 04:00